[Samba] Sysvol issues after DC migration
rpenny at samba.org
Tue Mar 16 10:09:00 UTC 2021
On 16/03/2021 08:58, Oleg Blyahher via samba wrote:
> I've removed uidNumber from the Administrator user (it had 2500).
> Still getting the same "Access is denied" when trying to change
> things, and can't set the owner.
> The Administrator user also has the gidNumber 512, if that helps
It sounds like someone has given everything a uidNumber or gidNumber,
try checking the following users for a uidNumber or gidNumber attribute:
Remove any that you find. Do the same for these groups:
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
enterprise read-only domain controllers
group policy creator owners
read-only domain controllers
Then run 'net cache flush' on all Unix domain members.
If you still cannot use Administrator to change things on a Samba DC,
then check if idmap.ldb contains an object similar to this:
Where 'S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz' is your domain SID
More information about the samba